PT-2021-12036 · Linux Pam · Linux-Pam

Matthias Gerstner

Published

2021-06-22

Updated

2021-06-29

CVE-2020-36394

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux-PAM versions prior to 2020-05-29

Description: The issue allows local attackers to set their quota on an arbitrary filesystem, specifically in situations where the attacker's home directory is a FUSE filesystem mounted under /home. This is due to a problem in the pam setquota module.

Recommendations: For versions prior to 2020-05-29, update to a version released after 2020-05-29 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-36394

Affected Products

Linux-Pam

PT-2021-12036 · Linux Pam · Linux-Pam

CVE-2020-36394

Related Identifiers

Affected Products

References · 7